package com.godofgamblers.hotelmanagementsystem.realm;

import com.godofgamblers.hotelmanagementsystem.pojo.Role;
import com.godofgamblers.hotelmanagementsystem.pojo.User;
import com.godofgamblers.hotelmanagementsystem.service.RoleService;
import com.godofgamblers.hotelmanagementsystem.service.UserService;
import lombok.Data;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.HashSet;
import java.util.List;
import java.util.Set;

/*

@author huanglang

@create_time 2019-10-09 19:36

Nothing is difficult but bugs

*/
@Data
public class UserRealm extends AuthorizingRealm{
    @Autowired
    private UserService userService;
    @Autowired
    private RoleService roleService;
    //授权：以当前用户的账号到数据库中去查询当前用户是什么角色、有哪些权限
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        System.out.println("正在查询用户的角色、权限");
        String account = (String)principals.getPrimaryPrincipal();//得到token中账号
        User user = (User)SecurityUtils.getSubject().getSession().getAttribute("user");

       Role role = roleService.selectRoleByUser_id(user);
//        System.out.println("???????????????????????????????????????????????????????????????chaksanfsdklajlkjsalifhlij                "+role);
       Set<String> rolesSet = new HashSet<>();
//        for (Role role : roles) {
            rolesSet.add(role.getRole_name());
//        }
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        info.addRoles(rolesSet);
//
        System.out.println("认证");
        return info;
    }

    //认证
    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
        System.out.println("正在查询账号密码!!!!");
        Session session = SecurityUtils.getSubject().getSession();
//        User user=new User();
//        User userIn=new User();
        //获取用户提交的账号
        String account = (String)token.getPrincipal();
        System.out.println("帐号+++++++++"+account);
//        System.out.println(account);
        //密码
        String pwd = new String((char[])token.getCredentials());
        System.out.println(pwd+"密码+++++++++++++++=");

        //调用service的方法查询出一个user对象
       User user = userService.findUserByAccount(account);
        //从session中获取验证码
        if (user==null) {
            return null;
        }
        //保存当前用户的数据,将user放到session中
        session.setAttribute("user", user);
            System.out.println("realam"+user);
//        }


        //盐值
//        ByteSource byteSource = ByteSource.Util.bytes(account.getBytes());
        //将账号密码封装、返回
        SimpleAuthenticationInfo info =
                new SimpleAuthenticationInfo(user.getUser_account(), user.getUser_password(),  getName());
        return info;
    }

}

